Menu

Privacy Policy

Version V1: January 2024

Spendicious B.V., a Dutch limited liability company registered with the Trade Register of the Chamber of Commerce under no. [XXXXXX] (“Spendicious”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This privacy policy (“Privacy Policy”) explains how we gather, use, share and protect data that identifies or is associated with you (“personal data”) in relation to our website www.spendicious.com including the services offered on such website (the “Platform”), and your choices about the collection and use of your information. To operate our Platform, Spendicious must process certain personal data of its users. This Privacy Policy is applicable to all instances where Spendicious acts as a controller under the General Data Protection Regulation ("GDPR").

By using our service, you acknowledge and agree to the collection and use of information as described in this Privacy Policy. This policy is relevant to all individuals, including visitors, users, and anyone else who accesses our website or our Service ("Users").

1. What kind of information do we collect

We collect or may require the following (personal) information from you in order to provide our services on the Platform:

  • Full name
  • E-mail address
  • Username and password (optional)
  • Demographic data (optional)
  • IP address
  • Information that your browser sends whenever you visit our website or Platform
  • Communications between you and us

2. For what purposes do we use your personal data?

We use all of the above information to help us provide and support our Services. Here is how:
  • Communication: sending emails, newsletters, and other messages to keep you informed of our services and the Platform. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link. We also use the personal data to deal with inquiries and complaints made by you relating to the Platform and to address your questions, issues, and concerns;
  • Website monitoring: to check the Platform and our other technology services are being used appropriately and to optimize their functionality;
  • Platform optimization: improve, test, and monitor the effectiveness of our Platform and diagnose or fix technology problems;
  • Managing suppliers: who deliver services to us;
  • Easyaccess: to help you efficiently access your information after you sign in and to remember information so you will not have to re-enter it during your visit or the next time you visit the Platform;
  • Statistics: monitor metrics such as total number of visitors, traffic, demographic patterns and patterns in our data (on an anonymized and aggregated basis);
  • Development: develop and test new products and features. And improve our Platform.

3. Our legal grounds for using your personal data

We will process your personal data for a number of reasons:
  • You have given us consent; Where we are processing personal data with your consent, you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • We require to process personal data for the performance of the contractual relationship with you;
  • We need to process personal data to comply with the legal obligations we are subject to in The Netherlands or in other jurisdictions, which include such obligations as accessing, preserving and sharing your personal data in response to a legal request such as a search warrant, court order, or subpoena;
  • Processing is necessary for our legitimate business interests. Our legitimate business interests are:
    • managing our business and relationship with you;
    • understanding and responding to inquiries and User feedback;
    • understanding how our Users use the Platform;
    • identifying what our Users want and developing our relationship with you, your company or organization;
    • improving our Platform and offerings;
    • managing our supply chain;
    • developing relationships with business partners;
    • sharing data in connection with acquisitions and transfers of our business;
    • If we have a good faith belief it is necessary to (i) detect, prevent and address fraud and other illegal activity and (ii) to protect ourselves, you, and others, including as part of investigations.

    4. How is this information shared?

    We share your data with our sub-processors.

    5. Change of control

    If we sell or otherwise transfer part or the whole of Spendicious B.V. or our assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information collected through the Service may be among the items sold or transferred. The buyer or transferee will have to honor the commitments we have made in this Privacy Policy.

    6. Safety and security

    We have taken appropriate technical and organizational measures by using the latest technologies to protect your information against loss or unlawful processing. We use safeguards to help keep the information collected through the Service secure. However, Spendicious cannot ensure the security of any information you transmit to us or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed. We request you to do your part to help us. You are responsible for controlling access to emails between you and Spendicious, at all times. We are not responsible for the functionality, privacy, or security measures of any other organization.

    7. Your Rights

    In accordance with the GDPR you have the following rights in respect of your personal data that we hold:
    • Access: you are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive an overview of the personal data we hold about you and certain other related information;
    • Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;
    • Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
    • Restriction: you are entitled to ask us to restrict the processing of certain of your personal data about you, for example, if you want us to establish its accuracy or if the processing is unlawful;
    • Portability: you have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person;
    • Objection: where we are processing your personal data based on legitimate interests, you may challenge this. However, we may be entitled to continue processing your information as stated in the GDPR. You also have the right to object where we are processing your personal information for direct marketing purposes;

    Residents in other jurisdictions may have similar rights to the above. If you want to exercise any of these rights, or for any questions or concerns that you may have, please contact our data protection officer via privacy@spendicious.com. You also have a right to lodge a complaint with a data protection supervisory authority, in particular in a member state in the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place.

    8. Third-party applications, websites, and services

    We are not responsible for the practices employed by any applications, websites or services linked to or from our Service, including the information or content contained within them. Please remember that when you use a link to go from our Service to another application, website or service, our Privacy Policy does not apply to those third-party applications, websites or services. Your browsing and interaction on any third-party application, website or service, including those that have a link on our Services, are subject to that third party's own rules and policies.

    9. Where will your information be held?

    Your information will be held on servers in the European Economic Area. We will take steps to protect your information in line with locally applicable data protection requirements. Your information may be transferred to and maintained on computers located outside of your country, where the data protection laws may differ from those in your jurisdiction. We may transfer information on the condition that all appropriate safeguards required by applicable laws are in place. This may include a prior data transfer impact assessment, the adoption, monitoring and evaluation of supplementary technical, organizational and legal measures, enforceable data subject rights, and that effective legal remedies for data subjects are available. When we transfer your personal data to a country that does not have an adequate level of data protection safeguards, be assured that we have implemented the required supplementary security safeguards. Unless an adequacy decision or alternative transfer mechanism applies, we have entered into and shall maintain Standard Contractual Clauses with our sub-processors (including our affiliates) located outside the EEA. If you are located outside the European Economic Area and choose to provide information to us, please note that we transfer the information to the European Economic Area.

    10. How long do we keep your data?

    We generally keep your information only as long as needed to provide the services on our Platform. We will retain your information as necessary to comply with legal, accounting, or regulatory requirements. Information we receive about you may be accessed, processed, and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

    11. Children

    Our Service does not address anyone under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your Children has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under age 16 without verification of parental consent, we take steps to remove that information from our servers.

    12. Changes to this Policy

    We may modify or update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

    13. How to contact us

    If you have any questions about this Privacy Policy, please contact us via privacy@spendicous.com.